Job Requirements
Austin, TX
Top Secret Polygraph Unspecified
Career Level not specified
$137,600 - $184,000
Job Description
Description
- Lead threat modeling, security design reviews, and architecture reviews for customer engagements; identify and mitigate risks across systems and applications.
- Design and implement custom preventive, detective, and proactive controls - Service Control Policies (SCPs), Resource Control Policies (RCPs), policy-as-code (cfn-guard, OPA Rego, Cedar), and automated remediation workflows.
- Build secure-by-design Infrastructure-as-Code controls for Landing Zones, AWS Control Tower customizations, Zero-Trust architectures, and AI/ML workloads.
- Apply AWS security best practices for authentication and authorization, data handling, least privilege, encryption, micro-segmentation, tagging strategy, and API/MCP integration.
- Write and review IaC, scripts, enforcements and detections in Python, Terraform, AWS CDK, CloudFormation, and Rego.
- Build continuous compliance monitoring, automated evidence collection, visualization, reporting, and remediation pipelines that hold up in audit.
- Integrate custom controls with AWS-native and third-party security and compliance tooling.
- Drive emerging-edge ideas into prototyping end-to-end to inform new security and compliance solutions and products.
- Identify risks and edge cases; propose implementation paths and go/no-go gates.
- Apply systematic approaches to risk identification; propose compensating controls when direct remediation isn't possible.
- Help develop technical content
- Identify cross-team patterns, gaps, improvements.
- Travel to customer sites as needed.
About the team
The AWS Security Assurance Services team, within AWS Support, leverages the expertise and ingenuity of our builders to establish scalable security solutions for both internal and external customers that drive business outcomes. Our goal of securing the world's workloads requires reliable delivery of bar-raising security outcomes and investment in security mechanisms and automation on behalf of our customers.
AWS Security Assurance Services LLC, a PCI-QSAC and HITRUST External Assessor Firm, is a team of industry-certified assessors and Compliance Engineers with DevOps and Cloud Infrastructure Architect backgrounds, helping our customers achieve, maintain, and automate compliance in the cloud by tying applicable audit standards to AWS service-specific features and functionality. The SAS team works with our largest enterprise customers to operationalize the shared responsibility model as they migrate to the cloud.
Basic Qualifications
- 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
- 2+ years of scripting, programming, and security code review in a common programming language (non-internship) experience
- 2+ years of troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship) experience
- Bachelor's degree in a STEM field (Science, Technology, Engineering, Mathematics), or experience in IT Security
- Knowledge of networking protocols such as HTTP, DNS and TCP/IP
- Experience in troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship experience)
- Experience applying threat modeling or other risk identification techniques or equivalent
- Experience conveying complex technical concepts to both technical and business audiences
- Experience in any combination of the following: application security frameworks, security code reviews, incident response, secure infrastructure, penetration testing, mobile security, cloud security, AI security, identity and access controls, threat modeling, cryptography, threat intelligence, or secure software development
- Experience mentoring, coaching, and influencing colleagues, collaborators, and stakeholders
- • Demonstrated ability to write and review code, scripts, IaC, and detections in support of security defenses.
- • Demonstrated ability to lead security investigations and resolve root causes of operational and security issues.
Preferred Qualifications
- 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- 1+ years of continuous integration and continuous delivery (CI/CD) experience, or US government security clearance of top secret or above
- Experience as a mentor, tech lead or leading an engineering team
- Experience writing for developer and technical audiences - blog, product documentation, technical information
- • 5+ years as a technical specialist, including 3+ years in secure coding, software development, cloud security engineering, or related work
- • Strong programming and scripting skills in Python, TypeScript, Node.js, Go, Java, or .NET.
- • Hands-on Infrastructure-as-Code skills in Terraform, AWS CDK, or CloudFormation.
- • Hands-on experience with AWS security and governance services: Config, Security Hub, IAM, KMS, VPC, Lambda, CloudTrail, CloudWatch/EventBridge.
- • Experience deploying SCPs and RCPs in multi-account AWS Organizations.
- • Experience writing and deploying policy-as-code (cfn-guard, OPA Rego, Cedar, or equivalent).
- • Experience with AWS Control Tower customizations, Landing Zones, or Zero-Trust architectures.
- • Working knowledge of at least one compliance framework: SOC2, HIPAA, PCI-DSS, CIS, or NIST.
- • Experience producing audit-ready evidence and working with third-party assessors.
- • Spec-driven development; AI agentic design and Model Context Protocol (MCP) experience.
- • Industry and AWS certifications: AWS Solutions Architect Associate or Professional, AWS Security Specialty, CISSP, or equivalent.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits .
USA, TN, Nashville - 137,600.00 - 184,000.00 USD annually
USA, TX, Austin - 159,300.00 - 202,400.00 USD annually
USA, TX, Dallas - 159,300.00 - 202,400.00 USD annually
USA, TX, Houston - 159,300.00 - 202,400.00 USD annually
USA, VA, Arlington - 159,300.00 - 202,400.00 USD annually
USA, VA, Herndon - 159,300.00 - 202,400.00 USD annually
USA, WA, Seattle - 159,300.00 - 202,400.00 USD annually
- Lead threat modeling, security design reviews, and architecture reviews for customer engagements; identify and mitigate risks across systems and applications.
- Design and implement custom preventive, detective, and proactive controls - Service Control Policies (SCPs), Resource Control Policies (RCPs), policy-as-code (cfn-guard, OPA Rego, Cedar), and automated remediation workflows.
- Build secure-by-design Infrastructure-as-Code controls for Landing Zones, AWS Control Tower customizations, Zero-Trust architectures, and AI/ML workloads.
- Apply AWS security best practices for authentication and authorization, data handling, least privilege, encryption, micro-segmentation, tagging strategy, and API/MCP integration.
- Write and review IaC, scripts, enforcements and detections in Python, Terraform, AWS CDK, CloudFormation, and Rego.
- Build continuous compliance monitoring, automated evidence collection, visualization, reporting, and remediation pipelines that hold up in audit.
- Integrate custom controls with AWS-native and third-party security and compliance tooling.
- Drive emerging-edge ideas into prototyping end-to-end to inform new security and compliance solutions and products.
- Identify risks and edge cases; propose implementation paths and go/no-go gates.
- Apply systematic approaches to risk identification; propose compensating controls when direct remediation isn't possible.
- Help develop technical content
- Identify cross-team patterns, gaps, improvements.
- Travel to customer sites as needed.
About the team
The AWS Security Assurance Services team, within AWS Support, leverages the expertise and ingenuity of our builders to establish scalable security solutions for both internal and external customers that drive business outcomes. Our goal of securing the world's workloads requires reliable delivery of bar-raising security outcomes and investment in security mechanisms and automation on behalf of our customers.
AWS Security Assurance Services LLC, a PCI-QSAC and HITRUST External Assessor Firm, is a team of industry-certified assessors and Compliance Engineers with DevOps and Cloud Infrastructure Architect backgrounds, helping our customers achieve, maintain, and automate compliance in the cloud by tying applicable audit standards to AWS service-specific features and functionality. The SAS team works with our largest enterprise customers to operationalize the shared responsibility model as they migrate to the cloud.
Basic Qualifications
- 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
- 2+ years of scripting, programming, and security code review in a common programming language (non-internship) experience
- 2+ years of troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship) experience
- Bachelor's degree in a STEM field (Science, Technology, Engineering, Mathematics), or experience in IT Security
- Knowledge of networking protocols such as HTTP, DNS and TCP/IP
- Experience in troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship experience)
- Experience applying threat modeling or other risk identification techniques or equivalent
- Experience conveying complex technical concepts to both technical and business audiences
- Experience in any combination of the following: application security frameworks, security code reviews, incident response, secure infrastructure, penetration testing, mobile security, cloud security, AI security, identity and access controls, threat modeling, cryptography, threat intelligence, or secure software development
- Experience mentoring, coaching, and influencing colleagues, collaborators, and stakeholders
- • Demonstrated ability to write and review code, scripts, IaC, and detections in support of security defenses.
- • Demonstrated ability to lead security investigations and resolve root causes of operational and security issues.
Preferred Qualifications
- 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- 1+ years of continuous integration and continuous delivery (CI/CD) experience, or US government security clearance of top secret or above
- Experience as a mentor, tech lead or leading an engineering team
- Experience writing for developer and technical audiences - blog, product documentation, technical information
- • 5+ years as a technical specialist, including 3+ years in secure coding, software development, cloud security engineering, or related work
- • Strong programming and scripting skills in Python, TypeScript, Node.js, Go, Java, or .NET.
- • Hands-on Infrastructure-as-Code skills in Terraform, AWS CDK, or CloudFormation.
- • Hands-on experience with AWS security and governance services: Config, Security Hub, IAM, KMS, VPC, Lambda, CloudTrail, CloudWatch/EventBridge.
- • Experience deploying SCPs and RCPs in multi-account AWS Organizations.
- • Experience writing and deploying policy-as-code (cfn-guard, OPA Rego, Cedar, or equivalent).
- • Experience with AWS Control Tower customizations, Landing Zones, or Zero-Trust architectures.
- • Working knowledge of at least one compliance framework: SOC2, HIPAA, PCI-DSS, CIS, or NIST.
- • Experience producing audit-ready evidence and working with third-party assessors.
- • Spec-driven development; AI agentic design and Model Context Protocol (MCP) experience.
- • Industry and AWS certifications: AWS Solutions Architect Associate or Professional, AWS Security Specialty, CISSP, or equivalent.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits .
USA, TN, Nashville - 137,600.00 - 184,000.00 USD annually
USA, TX, Austin - 159,300.00 - 202,400.00 USD annually
USA, TX, Dallas - 159,300.00 - 202,400.00 USD annually
USA, TX, Houston - 159,300.00 - 202,400.00 USD annually
USA, VA, Arlington - 159,300.00 - 202,400.00 USD annually
USA, VA, Herndon - 159,300.00 - 202,400.00 USD annually
USA, WA, Seattle - 159,300.00 - 202,400.00 USD annually
group id: amazon
AWS Cleared Jobs: Why I Chose AWS
